Experts: Hackers Outsmarting Outdated Retailer Security

Cyberattacks like the one launched against Target over the holidays are probably coming to a retailer near you, The Washington Post reports.

Sophisticated criminal hackers are outsmarting the antiquated security systems in the United States, experts say.

"Traditional defenses such as installing antivirus software and monitoring accounts for unusual activity have offered little resistance against Eastern European criminal gangs whose programmers write malicious code aimed at specific targets or buy inexpensive hacking kits online," according to The Post. "Armed with such tools, criminals can check for system weaknesses in wireless networks, computer servers or stores' card readers."

Former Washington Post reporter Brian Krebs reports on his blog, KrebsOnSecurity.com, that the attackers first broke into Target's network on Nov. 15 using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Pa., refrigeration, heating, and air-conditioning subcontractor that worked for various Target locations.

The hackers stole 40 million debit and credit card numbers from Target customers, as well as the personal information – names, addresses and telephone numbers – of an additional 70 million customers, according to Krebs.

"According to the company's homepage, Fazio Mechanical also has done refrigeration and HVAC projects for specific Trader Joe's, Whole Foods and BJ's Wholesale Club locations in Pennsylvania, Maryland, Ohio, Virginia, and West Virginia," Krebs reported.

According to Bloomberg, Neiman Marcus Group Ltd. reported more than 1 million customer credit cards may have been part of a security breach, and Michaels Stores, the world's largest arts and crafts retailer, reported some of its data may have been used illegally.

A recent Verizon Business Solutions report states that just 11 percent of businesses have adopted industry-standard security measures, according to The Post. Many experts believe the "best practices" still fall short of what's really needed to "defeat aggressive hackers lured by the prospect of a multimillion-dollar heist."

"You're going to see more and more people trying this," said Nicolas Christin, a security researcher at Carnegie Mellon University.

Cybercrime was up 26 percent in 2012, costing U.S. companies an average of $11.5 million, according to the Ponemon Institute, which conducts independent research on privacy, data protection, and information security policy.

Mounting an effective defense against cybercriminals would require retailers to make "expensive upgrades, including the adoption of end-to-end encryption, the walling-off of the most sensitive data on separate networks and the adoption of newer credit card technology that holds customer information on an embedded chip rather than the familiar black magnetic tape now on most American cards," reports The Post.

"Credit card chips can communicate with banks in a way that better protects a user's private information, often requiring a personal identification number to verify a purchase. Such systems are widespread in most of the developed world but are appearing in the United States only gradually."